AI 시대의 보안 가이드: LLM 코드 생성과 기능 구현 시 주의할 점

AI가 생성한 코드는 리팩토링 과정에서 기존 보안 규칙을 무시하고 취약점을 유발할 수 있으므로 모든 단계에서 철저한 코드 리뷰가 필수적이다.

🔗 원문 보기

Rails 8.1 adds Local CI: a config/ci.rb DSL plus bin/ci runner that executes the same checks on your laptop and in GitHub Actions.

New apps come with #Brakeman, bundler-audit, #Rubocop, and system tests preconfigured.

https://go.fastruby.io/djq

#RubyOnRails #Rails81 #DevEx

SATURDAY MATINEE MUSIC VIDEO “The Brakeman’s Dead”

https://www.youtube.com/watch?v=dL0SoNTyIWA

#train #steamtrain #locomotive #brakeman #engineer #conductor #NeilYoung #CrazyHorse #SanFrancisco #TomMallon #ChrisvonSneidern #MichaelMiller #AaronGregory #TheAlarm #MikePeters #BennettGreen #JohnStuart #Marshallamp #JohnnyJBlair #singeratlarge #singersongwriter

#Brakeman 8.0.3 is released!

Age delay option for `--ensure-latest` and some bug fixes!

https://brakemanscanner.org/blog/2026/02/26/brakeman-8-dot-0-dot-3-released

#ruby #rails #infosec

Fun thread to wake up to: "Been ignoring Brakeman warnings for 2 years. Just found an actual SQL injection we missed."

Main issue: too many warnings!

Some tips for tuning:
* For CI, backlog and ignore existing warnings to only fail on new
* Filter low confidence warnings
* Turn off any checks that are noisy for your application

Brakeman _does_ do some data flow analysis to reduce false positives, but it also defaults to being a little paranoid!

https://www.reddit.com/r/rails/comments/1qyek84/been_ignoring_brakeman_warnings_for_2_years_just/

#brakeman #infosec

Some fixes for the new #Brakeman logger have been released in 8.0.1 and 8.0.2: https://github.com/presidentbeef/brakeman/releases/tag/v8.0.2

Let me know if you see any problems!

#rails #ruby